Malware.AI.1748116367 malicious file

Malware Removal

Malware.AI.1748116367 is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
6-day free trial available.

What Malware.AI.1748116367 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • Enumerates running processes
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional language used in binary resources: Russian
  • Authenticode signature is invalid
  • Created a process from a suspicious location
  • Creates a copy of itself

How to determine Malware.AI.1748116367?

File Info:

name: EFB87975EDACBFA17C0F.mlw
path: /opt/CAPEv2/storage/binaries/7638c1190c05110d70e3fc2fa9270bfaac99a7a63ed7628c1e671048f690cf93
crc32: 9A09EA05
md5: efb87975edacbfa17c0f703f72cf9a67
sha1: 93c35b3b394a61439737c1f5f9cd2894cfddbf1b
sha256: 7638c1190c05110d70e3fc2fa9270bfaac99a7a63ed7628c1e671048f690cf93
sha512: ee340f921ffe01c27eb7ab57e7fe1f8500014ba03fcd085c261c00ebee226993f15f2407531ab35d4899efb441f708ca27e1fde246bb6d8b77e8a5095d42af40
ssdeep: 12288:PXYAQfXlvtGonRgO2lkGsPQCwZa8I8xFHT:/3StGoRB2iGsnwkEFHT
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1D325F1369B83D577C0D9463246DF0EBCBF326285420A172EC259982D6EA3B9D7F06F14
sha3_384: e6d6a5473421880d3c015f758b66c0738b6aff98093ba826e91a0fc79ee8be5aa86a957b8c8c96fe6f3b49aed456df14
ep_bytes: 03d8558bec83c4c02bfa03d0f7da03cb
timestamp: 2005-01-29 13:02:30

Version Info:

CompanyName: Jvwgjv Mxoiw
FileDescription: Jvwgjv Yvlnvp Jnpeprjdg
FileVersion: 19, 94, 106, 63
InternalName: Jvwgjv
LegalCopyright: Copyright © Jvwgjv Mxoiw 1998-2011
OriginalFilename: Jvwgjv.exe
ProductName: Jvwgjv Yvlnvp Jnpeprjdg
ProductVersion: 62, 10, 36, 122
Translation: 0x0409 0x04e4

Malware.AI.1748116367 also known as:

Lionic: Trojan.Win32.Generic.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Graftor.963526
CAT-QuickHeal: Worm.SlenfBot.Gen
McAfee: GenericR-HKM!EFB87975EDAC
Cylance: Unsafe
Zillya: Trojan.Kryptik.Win32.881720
Sangfor: Hacktool.Win32.Obfuscator.QR
K7AntiVirus: Trojan ( 0055dd191 )
Alibaba: VirTool:Win32/Obfuscator.e85e51ff
K7GW: Trojan ( 0055dd191 )
Cybereason: malicious.5edacb
BitDefenderTheta: Gen:NN.ZexaF.34212.@q3@aOdvkPcc
Symantec: W32.Qakbot!gen5
ESET-NOD32: a variant of Win32/Kryptik.MHV
APEX: Malicious
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Graftor.963526
NANO-Antivirus: Trojan.Win32.Kolab.imkgu
Avast: Win32:MalOb-FS [Cryp]
Tencent: Malware.Win32.Gencirc.10bf8b6f
Ad-Aware: Gen:Variant.Graftor.963526
Emsisoft: Gen:Variant.Graftor.963526 (B)
Comodo: TrojWare.Win32.TrojanSpy.Zbot.G@2tckk5
VIPRE: Trojan.Win32.Kryptik.mcf (v)
TrendMicro: BKDR_QAKBOT.SMG
McAfee-GW-Edition: GenericR-HKM!EFB87975EDAC
FireEye: Generic.mg.efb87975edacbfa1
Sophos: Mal/Generic-R + Mal/FakeAV-IU
SentinelOne: Static AI – Malicious PE
Jiangmin: Worm/Kolab.gsy
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan/Win32.AGeneric
Microsoft: Trojan:Win32/Sefnit.R
ViRobot: Worm.Win32.A.Net-Kolab.3566720
GData: Gen:Variant.Graftor.963526
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.R443269
Acronis: suspicious
VBA32: Trojan.Zeus.EA.0999
ALYac: Gen:Variant.Graftor.963526
MAX: malware (ai score=100)
Malwarebytes: Malware.AI.1748116367
TrendMicro-HouseCall: BKDR_QAKBOT.SMG
Rising: Trojan.Kryptik!8.8 (CLOUD)
Yandex: Trojan.GenAsa!Yc00/yyTAeg
Ikarus: Backdoor.Win32.Rbot
eGambit: Generic.Malware
Fortinet: W32/Kryptik.NAS!tr
AVG: Win32:MalOb-FS [Cryp]
Panda: Bck/Qbot.AO
CrowdStrike: win/malicious_confidence_100% (D)

How to remove Malware.AI.1748116367?

Malware.AI.1748116367 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.